gvisor/pkg
Rahat Mahmood 24f0686ac6 cgroupfs: Set initial cgroup ownership based on initial app uid/gid.
When the init task is specifically placed into some initial cgroup,
sandbox users expect to be able to create cgroupfs dirs as the app
uid/gid.

Previously we defaulted the synthetic directories for the initial cgroup
to 0555, which disallows arbitrary users from creating children.

Add a way to specify the ownership and permissions for the initial
cgroup, and sandbox users can use these to make the initial cgroup dir
writable by the init task's user.

PiperOrigin-RevId: 447614804
2022-05-09 18:49:20 -07:00
abi Implement close_range. 2022-02-28 09:37:03 -08:00
atomicbitops Merge pull request #7391 from zhlhahaha:2477 2022-05-05 13:07:01 -07:00
binary
bitmap Implement close_range. 2022-02-28 09:37:03 -08:00
bits Add go:build directives as required by Go 1.17's gofmt. 2021-07-20 16:28:45 -07:00
bpf Remove uses of the binary package from the rest of the sentry. 2021-05-04 16:41:08 -07:00
buffer Convert fdbased link endpoints to use pkg/buffer instead of VectorizedViews. 2022-05-06 14:42:53 -07:00
cleanup
compressio Remove uses of the binary package from the rest of the sentry. 2021-05-04 16:41:08 -07:00
context Align Context API with kernel internals. 2021-12-08 23:51:37 -08:00
control Merge pull request #6222 from avagin:stop 2021-06-25 15:43:17 -07:00
coretag Implement core tagging 2022-02-25 21:51:02 -08:00
coverage switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
cpuid Merge pull request #7391 from zhlhahaha:2477 2022-05-05 13:07:01 -07:00
crypto Change EcdsaVerify to specifically P-384 and compute the SHA384 digest. 2021-09-22 15:01:56 -07:00
errors [syserr] Move ConvertIntr function to linuxerr package 2021-11-04 14:55:52 -07:00
eventchannel Take direct dependency on Any proto 2022-04-07 12:04:03 -07:00
eventfd Add support for virtio net headers in sharedmem endpoint. 2021-12-13 23:39:05 -08:00
fd prohibit direct use of sync/atomic (u)int64 functions 2022-04-08 16:06:26 -07:00
fdchannel Add go:build directives as required by Go 1.17's gofmt. 2021-07-20 16:28:45 -07:00
fdnotifier Yield P after notifying event waiters in fdnotifier. 2022-02-24 14:30:32 -08:00
flipcall switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
fspath Port most syscalls to VFS2. 2020-02-25 13:37:34 -08:00
gohacks Sentry: Implement timer metrics. 2022-03-22 20:59:48 -07:00
goid Bump gVisor build tags to go1.20 2022-03-08 14:02:19 -08:00
hostarch Enable tmpfs size mount option. 2022-04-18 18:50:24 -07:00
hostos Implement core tagging 2022-02-25 21:51:02 -08:00
ilist Don't hold EpollInstance.mu while calling FileDescription.Readiness(). 2022-03-04 11:07:37 -08:00
linewriter
lisafs Allow creating unix domain sockets on the host, behind a flag. 2022-05-07 18:27:18 -07:00
log switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
marshal Add Checked methods to go_marshal. 2021-11-19 20:16:54 -08:00
memutil Add go:build directives as required by Go 1.17's gofmt. 2021-07-20 16:28:45 -07:00
merkletree Internal change. 2021-08-23 14:51:50 -07:00
metric Add KVM specific metrics. 2022-05-06 12:21:49 -07:00
p9 switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
pool Remove existing nogo exceptions. 2020-12-11 12:06:49 -08:00
procid Bump gVisor build tags to go1.20 2022-03-08 14:02:19 -08:00
rand Add go:build directives as required by Go 1.17's gofmt. 2021-07-20 16:28:45 -07:00
refs switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
refsvfs2 Remove TCP endpoint goroutines. 2022-04-18 17:35:36 -07:00
ring0 Remove unused ring0.RestoreKernelFPState. 2022-04-06 14:20:46 -07:00
safecopy Move `safecopy.ReplaceSignalHandler` into `sighandling` package. 2021-09-28 16:56:39 -07:00
safemem Internal change. 2021-08-12 01:40:34 -07:00
seccomp filters: don't allow to create new executable mappings 2022-02-03 14:54:09 -08:00
secio Standardize on tools directory. 2020-01-27 12:21:00 -08:00
segment Fix simple mistakes identified by goreportcard. 2021-01-12 12:38:22 -08:00
sentry cgroupfs: Set initial cgroup ownership based on initial app uid/gid. 2022-05-09 18:49:20 -07:00
shim prohibit direct use of sync/atomic (u)int64 functions 2022-04-08 16:06:26 -07:00
sighandling Exempt SIGPIPE from sentry signal forwarding. 2022-04-29 11:46:33 -07:00
sleep switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
state Add go:build directives as required by Go 1.17's gofmt. 2021-07-20 16:28:45 -07:00
sync prohibit direct use of sync/atomic (u)int32 functions 2022-04-27 11:25:14 -07:00
syncevent switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
syserr Automated rollback of changelist 407638912 2021-11-17 17:07:05 -08:00
tcpip Replace VectorisedView in link endpoints with pkg/buffer.Buffer. 2022-05-09 14:22:08 -07:00
test test/runtime: add the timeout option for proctor 2022-03-25 19:38:39 -07:00
trie Implement a simple prefix-Trie structure for storing arbitrary payloads 2022-05-03 14:09:32 -07:00
unet switch remaining sync/atomic to atomicbitops for 32 bit values 2022-04-21 22:27:05 -07:00
urpc Merge pull request #6222 from avagin:stop 2021-06-25 15:43:17 -07:00
usermem introduce atomicbitops 32-bit types 2022-04-18 17:41:53 -07:00
waiter Merge pull request #7391 from zhlhahaha:2477 2022-05-05 13:07:01 -07:00